How to Snoop on Your Own Computer and Do a Quick Traces Audit
In addition to being tracked and profiled online, you also have to worry about offline snoops: what anyone who has, or gains, access to your devices might be able to find out about you and your activities.
Here are some basic device snooping techniques you can try on your own Windows computer. Spend a few minutes poking around it to see what snoops might be able to find. Note that these are only basic techniques. A sophisticated adversary using, for example, powerful forensic analysis software, would be able to probe much deeper into your computer.
Performing these checks helps you to gauge how privately you are going about your activities and the extent to which trace data remains on your computer.
The steps below tend to get more technical as you move along, so stop at your own comfort level or enlist the help of a technically-inclined friend if you need some assistance.
Top Tip – Though we don’t advocate it, these techniques can also be used as a way to check any suspicions you may have about whether your spouse, partner, children or anyone else may be up to inappropriate behavior on a device. For example, whether they may be: indulging in pornography; accessing hateful, sexist or racist materials; engaging in cyber-cheating or cyber-flirting; downloading copyright infringing (pirated) materials; or engaging in other kinds of potentially inappropriate activities.
One of the quickest and easiest checks you can perform is to see if your device’s Recycle Bin (or Trash) contains any hints of private or sensitive items. Unless the Recycle Bin has been emptied, its contents are easily accessed and can provide plenty of clues about the activities you have been up to on your device.
If an item’s filename alone doesn’t sufficiently satisfy your curiosity, you can right-click on an item and select Restore to un-delete it. When doing so, take note of the item’s displayed original location as this is the folder in which the undeleted item will reappear. This folder might also contain other items or clues about the item and related activities.
Figure: Undeleting some seemingly suspicious items from the Windows Recycle Bin
Most Recently Used Items
Most operating systems, including Windows, retain records of items you most recently accessed on your device as a way for you to quickly access them again. However, these records can also reveal private and sensitive activities.
Look for the most recently used items on your device. In Windows generally, click on the Start menu and select the ‘Recent Items’ fly-out (see screenshot). You will see a list of the items you most recently accessed on your device.
For individual apps, from media players to word processors, check if they have a recent items feature. This can usually be found under or near the File and Open menu items.
In either case, selecting an item from the list will open it unless it has been deleted, moved, renamed, encrypted or saved to a different location or device. Even in these cases, sometimes the filenames of items alone may reveal plenty about your activities.
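The same audit can be scripted for your own user profile. The PowerShell below is an added example, not part of the original article: it lists the shortcuts in the current user's Recent Items folder and flags those whose target no longer exists, which are the cases where only the filename remains as a trace. The function name Get-RecentItemTrace is hypothetical.

```powershell
# Added example: audit the current user's Recent Items shortcuts (read-only).
function Get-RecentItemTrace {
    # Resolve the per-user Recent folder through the .NET special-folder API.
    $recent = [Environment]::GetFolderPath('Recent')
    $shell  = New-Object -ComObject WScript.Shell

    Get-ChildItem -LiteralPath $recent -Filter '*.lnk' -File |
        Sort-Object LastWriteTime -Descending |
        ForEach-Object {
            # Read where the shortcut points; this does not open the item itself.
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            $exists = $false
            if ($target) { $exists = Test-Path -LiteralPath $target }
            [pscustomobject]@{
                LastUsed     = $_.LastWriteTime
                Name         = $_.BaseName      # the filename is revealed either way
                Target       = $target
                TargetExists = $exists          # False: item was deleted, moved or renamed
            }
        }
}

# Show the stale entries first: traces of items that are no longer where they were.
Get-RecentItemTrace | Sort-Object TargetExists | Format-Table -AutoSize
```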
Web Browser History
Look at your web browser app’s records of the websites you have visited. Specific instructions vary for each browser but look for menu items or icons called History.
In the Chrome web browser for Windows, you access this information from the following menu choices: Customize and control (the three horizontal lines icon at the upper-right, ≡) > History menu item. You can also access the History directly in Chrome with the keystroke shortcut Ctrl+H.
Unless these records have been cleared, the browser will display a detailed list of all the websites you have visited, sometimes going back a very long time. Scroll through the list of sites to see what it contains and select a link (if its name or description is unclear) to revisit the destination webpage and investigate further.
Downloads Folder and History
Look in your device’s Downloads destination folder(s). In Windows, select the Start menu and select the Downloads item or type “downloads” to access the main downloads folder. Or you can use Windows Explorer and look for the Downloads folder(s).
Your web browser also keeps records of what you download from the web; look for a Downloads menu item. In the Chrome web browser, select the Customize and control icon (the three horizontal lines at the upper-right, ≡) and then Downloads. You can also access the Downloads records directly in Chrome with the keystroke shortcut Ctrl+J. If the records have not been cleared, you will see a list of the items you downloaded.
Web Browser Bookmarks
If someone checked the bookmarks saved in your web browser what would they find? These are amongst the easiest and potentially most personal records on your device. In the Chrome web browser, bookmarks are quickly accessible from the Customize and control icon (≡) and then selecting the Bookmarks fly-out menu. You can also access them directly in Chrome by pressing Ctrl+Shift+O which presents them together with a handy search feature.
Web Browser Autocomplete
Most web browsers have an autocomplete feature for the search bar. If the feature has not been disabled or its hidden records cleared, your browser retains past searches you conducted and websites you visited to help you re-search or re-visit them more easily. Though intended as a convenience, it can also be a way for a snoop to detect your past web searches and browsing.
For example, if you start to enter “cogipas” in your web browser’s search bar, it will display any terms searched or websites visited that match the letters as you type them in (see screenshot).
Of course, the same holds true if you enter the word “bankruptcy”, “illness”, “depression”, “flirt”, “sex”, “porn”, “divorce” or any other terms you wish to check. You can experiment with different words, terms or parts of them. If it was previously entered into the web browser’s search bar or matches a website recently visited, the browser bar will display the full search or URL (see screenshot).
Figure: Unless the browser’s autocomplete feature has been disabled or its records cleared, it can be used to reveal your past web searches and browsing
You can even enter a single letter or a couple of letters of the alphabet at a time and check the displayed list of matching searched terms or visited websites. This is more time-consuming, but a more comprehensive way to check the autocomplete’s records. In contrast with a web browser’s History, most web browsers do not let you see a list of the Autocomplete records.
Web Browser Cookies
Cookies can also provide snoops with clues about your activities. Check to see what your cookies may reveal. In the Chrome web browser, you access this information from the following menu choices: Customize and control menu button (the three horizontal lines at the upper-right, ≡) > Settings > show advanced settings… (near the bottom). On the displayed page look for the Privacy heading and select the button Content Settings…. Then select the button All cookies and site data….
You will usually see a long list of cookies, some of which will correlate to websites you’ve been visiting.
Detecting Deleted Items with a File Recovery (Undelete) App
Many free and easy-to-use file recovery (undelete) apps are available that can detect the names of deleted items and sometimes recover the items fully intact. By deleted items, this time we mean items that have been emptied from the Recycle Bin (or Trash).
Many of these apps are free and can be installed to and used from a USB stick, leaving no obvious traces behind on the device scanned. This is an ideal way for a snoop to check your device without you ever knowing about it. Use such an app to see what deleted items it detects on your device (see screenshot).
Searching Item Names
Though it can take a bit of time depending on the size of your storage media, it is easy to search for a certain term in the names of all the items on a device. In Windows, select the Start menu and type “computer” in the Search box. Select Computer from the list or you can select the My Computer icon on your desktop.
A file Explorer window will open and in the upper-right corner (see screenshot) you can enter a search term or file type to initiate a search across your entire device. There are two main strategies you can use and you can always try both.
- Search strategy #1: Adding a search filter by the kind (type) of items you are searching for such as pictures, movies, music, documents, etc. (see screenshot). This strategy may give you lots of wrong hits (sometimes called false positives), but it ensures that your search is wide and, for example, that you detect items that were carefully named (or renamed) so that they wouldn’t stand out.
- Search strategy #2: Using terms common to the subject matter or topic you wish to search for such as financial information, personal documents, medical information, erotica, media downloads, etc. This calls for a bit of judgment because you have to think of and enter in the search box some terms that are relevant to what you are searching for.
Whichever strategy you use, you will be presented with a list of your search results (it may be very long and have taken some time!). Simply scroll down the list and investigate (open) any items of interest, continuing this process and performing additional searches until your curiosity has been satisfied.
Manually Searching the Registry (Advanced Users)
This search technique looks for a term (keyword) in the “guts” of your Windows device including its app settings, the names and folder locations of recent downloads and temporary items, as well as many other often hidden sources of data and trace records.
Recall that the Registry is a large database of technical data and information used by Windows and your apps. Using the Registry Editor, you can search for specific strings (keywords) related to any downloads, items or activities you would rather keep private.
This technique is somewhat similar to the one above about searching item names and it too may generate many false positives. However, it can also discover items you deleted, renamed, moved, encrypted or even wiped.
Advanced users can check the Windows Registry by typing “regedit” in the Windows Start menu (see screenshot). The look and feel of the Registry Editor is similar to Windows Explorer.
! Warning ! – You can harm the operation of your device if you delete or change items in the Registry, so please make sure you use only the Edit > Find command from the menu to view entries. Never delete or do anything else in the Registry for this exercise.
From Registry Editor’s menu choose Edit > Find (or Ctrl+F on your keyboard). Now type your search term in the dialogue box and select OK or Find Next (see screenshot). Unlike searching for file items, you can only look for one keyword at a time in Registry Editor so do not enter multiple words or you will not get any results. The Registry is a large database, so the search may take a while.
You can keep searching through the Registry for this same search term by choosing Edit > Find Again from the menu (or pressing F3 on your keyboard). Keep going until you reach the end of the Registry.
Make sure the hits are true positives as some words can occur by accident because there are large amounts of raw data in the Registry. Sometimes search hits are not what you first think they are, so check them carefully.
When you get hits using this method, you cannot open the underlying item by selecting or double-clicking it. Rather, when you find items that match your search term in the Registry this means that these items may once have existed on, been downloaded to, viewed on, accessed by, or saved to the device. However, you can often recognize a clear pattern of activity from recurring hits.
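The keyword search described above can also be run as a script over your own user hive. The PowerShell below is an added example, not part of the original article; it only reads the Registry, in keeping with the warning above. The function name Find-RegistryTrace and the sample keyword are hypothetical, and decoding binary values as UTF-16 text is an assumption about how such values store names, which goes slightly beyond the Edit > Find steps.

```powershell
# Added example: read-only keyword search of the current user's registry hive (HKCU).
# Keys and values are only read; nothing is written or deleted.
function Find-RegistryTrace {
    param(
        [Parameter(Mandatory)][string]$Keyword,
        [string]$Root = 'HKCU:\'
    )
    $pattern = [regex]::Escape($Keyword)   # match the keyword literally, case-insensitively

    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.Name -match $pattern) {
            [pscustomobject]@{ Match = 'KeyName'; Key = $key.Name; Value = ''; Data = '' }
        }
        try { $names = $key.GetValueNames() } catch { return }   # skip unreadable keys
        foreach ($name in $names) {
            $raw = $key.GetValue($name)
            # Convert every value type to text so one match covers them all.
            if ($raw -is [byte[]]) {
                # Assumption: binary data holds UTF-16LE text; blank out control characters.
                $text = [System.Text.Encoding]::Unicode.GetString($raw) -replace '\p{Cc}', ' '
            } elseif ($raw -is [string[]]) {
                $text = $raw -join ' | '
            } else {
                $text = [string]$raw
            }
            $hit = $null
            if ($name -match $pattern) {
                $hit = 'ValueName'
            } elseif ($text -match $pattern) {
                $hit = 'ValueData'
            }
            if ($hit) {
                [pscustomobject]@{
                    Match = $hit
                    Key   = $key.Name
                    Value = $name
                    Data  = $text.Substring(0, [Math]::Min(120, $text.Length))
                }
            }
        }
    }
}

# 'holiday' is a constructed sample term; substitute the single keyword you want to audit.
Find-RegistryTrace -Keyword 'holiday' | Format-List
```

As with the manual search, review each hit before treating it as a true positive, since short keywords can match unrelated raw data.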
Even if the Registry does not contain matches of what you were searching for, this may simply mean that you have been applying the techniques in this book superbly, for example, by using trace data removal and encryption apps to safeguard your digital items, information and data.